<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <link rel="stylesheet" type="text/css" href="style.css">
    <title>Upload a File</title>
</head>
    <div class="main">
        <h1>Upload a file</h1>
        <form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
            <input type="hidden" name="MAX_FILE_SIZE" value="2000000">Choose a File: <input name="theFile" type="file"><br>Owner Name:<input type="text" name="userName" class="no"><br>Password:<input type="password" name="userPassword" class="no"><br><input name="Submit" type="submit" class="no" value="Upload"><br>
            Need to <a href="search.php">Search</a> for a file?
        </form>
        <?php
        if(isset($_POST['Submit'])){

            //retreive post variables
            $fileName = $_FILES['theFile']['name'];
            $tmpName  = $_FILES['theFile']['tmp_name'];
            $fileSize = $_FILES['theFile']['size'];
            $fileType = $_FILES['theFile']['type'];

            //open the file, parse, etc.
            $fp      = fopen($tmpName, 'r');
            $content = fread($fp, filesize($tmpName));
            $content = addslashes($content);
            fclose($fp);

            $fileName = addslashes($fileName);
  			/*Password Encrypting Function*/          
            function eliteEncrypt($string) { 
		    // Create a salt 
		    $salt = md5($string."%*4!#$;\.k~'(_@"); 
    	    // Hash the string 
		    $string = md5("$salt$string$salt"); 
   	 		return $string; 
		} 
            
			/*Declar Username and Password Variables*/
			//$user = $_POST['userName'];
			$password1 = $_POST['userPassword'];
			$password2 = eliteEncrypt($password1);
			require('sql.php');
            /*Select the DB */
            mysql_select_db("UPLOAD", $connect);
			/* Insert value into DB */
            $sql = "INSERT INTO upload (name, size, type, content, owner, password ) ".
                "VALUES ('$fileName', '$fileSize', '$fileType', '$content', '$_POST[userName]', '$password2')";
            /* Execute the Query*/
            mysql_query($sql,$connect);
           	require('analytics.php');
        }
        ?>
        <div class="yes"><?php
		require('sql.php');      
        /*Select the DB */
        mysql_select_db("UPLOAD", $connect);
        $sql = mysql_query("SELECT id FROM upload WHERE name = '$fileName'");
        while($row = mysql_fetch_array($sql))
        {
            echo ''.$fileName.' has been successfully uploaded.<br> Download: <a target="_blank" href=/upload/download.php?id='.$row['id'].'>'.$fileName.'</a><br>';
        }
        ?></div>

    </div>
    <script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-4250908-19']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</html>